The inert directory handler in inert node module before 1.1.1 always allows files in hidden directories to be served, even when showHidden is false.
7.5CVSS
7.4AI Score
0.002EPSS
formula is a math and string formula parser. In versions prior to 3.0.1 crafted user-provided strings to formula's parser might lead to polynomial execution time and a denial of service. Users should upgrade to 3.0.1+. There are no known workarounds for this vulnerability.
6.5CVSS
6.3AI Score
0.001EPSS